CN105187303A - Reverse-engineering-resistant safe E-mail forwarding system and method - Google Patents

Abstract

The invention discloses a reverse-engineering-resistant safe E-mail forwarding system and method. The system comprises a secret mail re-encryption module and a re-encrypted mail recovery module, wherein the secret mail re-encryption module comprises a preprocessed parameter generating unit, a re-encryption tuple generating unit, a confused re-encryption processing unit and a re-encryption output unit; and the re-encrypted mail recovery module comprises a re-encrypted mail receiving unit, a re-encrypted mail decryption unit and an original mail searching unit. The method comprises an E-mail re-encryption method and an E-mail re-encryption recovery method. The reverse-engineering-resistant safe E-mail forwarding system and method have the characteristics of low realization complexity, high safety, recovery simplicity and the like and are suitable for re-encrypting and forwarding a mail through a third-party mail service provider under the conditions that the private keys of the original mail receiver and the mail agent receiver are not leaked, and any information of the mail is not leaked.

Description

A kind of safety of electronic mail repeater system of anti-reverse-engineering and method

Technical field

The invention belongs to technical field of data security, relate to a kind of safety of electronic mail repeater system and method, in particular to the third-party mail server of one, using Email as object, cryptological technique is combined with cloud computing, prevents re-encryption repeater system and the method for the safety of the leakage of Email and private key.

Background technology

Along with internet developing rapidly and universal, Email become in network be most widely used, one of most popular service.The user of Email has developed into average family from business, science, education sector, and the safety of certified mail itself and Email also seem more and more important to the impact of system.Current for secret needs, increasing mail encryptedly can send to addressee afterwards, but when addressee can not process these mails in time, when needing other people to process, re-use the public key encryption mail acting on behalf of addressee and be transmitted to after must first mail being deciphered and act on behalf of addressee.These complex steps, and if this process give a fly-by-night mail server and do, as easy as rolling off a logly cause that the private key of addressee leaks, mail expressly all leaks.Therefore, a kind of Email of identity-based of anti-reverse-engineering obscures re-encryption forwarding scheme is significantly.

Encryption mechanism is that protection mail stores and the important means transmitted in the server; safe storage scheme is widely used; but process because privacy enhanced mail often needs mail server to be transmitted to other people; do not wish again to act on behalf of the private key that addressee gets original addressee, therefore need consideration to act on behalf of re-encryption scheme.In addition, because some third party's mail server is also not exclusively credible, may there is reverse-engineering and original e-mail be calculated, therefore, acting on behalf of re-encryption scheme needs to resist the fail safe that mail is guaranteed in this reverse-engineering computing.

What current mail server used acts on behalf of two kinds of conventional technology of Re-encryption Technology scheme: mail deciphering, email encryption.Mail deciphering uses the private key of original addressee to decrypt mail expressly, and email encryption is then be encrypted mail with the PKI acting on behalf of addressee.Then, there is more problem in current scheme:

(1) in the server mail is decrypted, then have leaked the plaintext of mail, the private key information of the original addressee of also leaking;

(2) use simple re-encrypted private key to carry out re-encryption to mail, be very easy to all be calculated by the private key of reverse-engineering computing by the plaintext of mail and original addressee.

Summary of the invention

The object of the invention is to improve that Email carries out re-encryption on third-party server, fail safe when forwarding, integrality and degeneration-resistant to engineering; the present invention is obscured by the safety of counterweight cryptographic algorithm; largely protect re-encryption program, make the key of user, Mail Contents be obtained for great protection.

The technical scheme that system of the present invention adopts is: a kind of safety of electronic mail repeater system of anti-reverse-engineering, is characterized in that: recover module by secret mail re-encryption module and re-encryption mail and form;

Described secret mail re-encryption module comprises pretreatment parameter generation unit, re-encryption tuple generation unit, the re-encryption processing unit obscured, re-encryption output unit;

Described re-encryption mail recovers module and comprises re-encryption mail reception unit, re-encryption mail decryption unit, original e-mail search unit;

Described pretreatment parameter generation unit is responsible for selected parameter, reads the private key of mail original receivers and the PKI of mail agent recipient, for described re-encryption tuple generation unit provides functional foundations; Described re-encryption tuple generation unit be responsible for use described in pretreatment parameter generation unit produce parameter and public and private key to generate re-encryption tuple (re-encryption tuple both can not leak the private key of mail original receivers, also can not leak the private key of mail agent recipient); The re-encryption tuple that the described re-encryption processing unit obscured is generated by described re-encryption tuple generation unit carries out re-encryption computing to the privacy enhanced mail received; Described re-encryption output unit is responsible for the result after exporting re-encryption; Described re-encryption mail reception unit is responsible for the result that the re-encryption output unit described in reception exports; The mail that described re-encryption mail decryption unit is responsible for using the private key acting on behalf of recipient to receive to decipher described re-encryption mail reception unit; Described original e-mail search unit is responsible for using bilinear operation to search out the complete content of original e-mail.

The technical scheme that method of the present invention adopts is: a kind of safety of electronic mail retransmission method of anti-reverse-engineering, is characterized in that: comprise restoration methods after Email re-encryption method and Email re-encryption;

Described Email re-encryption method, comprises the following steps:

Step 1.1: generate parameter; First selected desired parameters, reads the private key of mail original receivers and the PKI of mail agent recipient, and encryption tuple of attaching most importance to generation unit provides functional foundations;

Step 1.2: be responsible for using the parameter of pretreatment parameter generation unit generation and public and private key to generate re-encryption tuple;

Step 1.3: the re-encryption tuple generated by re-encryption tuple generation unit carries out re-encryption computing to the privacy enhanced mail received;

Step 1.4: decide to export by given input;

Restoration methods after described Email re-encryption, comprises the following steps:

Step 2.1: receive the mail that re-encryption output unit forwards, and give the process of re-encryption mail decryption unit;

Step 2.1: act on behalf of mail recipient and use the private key of oneself to be decrypted by re-encryption mail;

Step 2.2: the value utilizing re-encryption mail decryption unit to decrypt carries out bilinear operation, can obtain the plaintext of final mailer.

As preferably, in step 1.1, first suppose that security parameter is 1 ^kif, (q, g, G, G _t, e) ← BMsetup (1 ^k) be common parameter, G, G _tbe the group on q rank, q is the prime number of a k bit, definition bilinear operation e:G × G → G _t, message space, random selecting random selecting (being the group of integers on q rank), master key msk=c, the private key obtaining original addressee A is sk ₁=(a ₁, b ₁, g, H ₁(id ₁) ^c), the PKI acting on behalf of addressee B is wherein H ₁hASH function a: H ₁: { 0,1} → G, H ₂: G _t→ G.

As preferably, in step 1.2, according to the public and private key obtained in step 1.1, random selecting calculate re-encryption tuple:

$(Z_1,Z_2,Z_3)=({\left(h^{a_2}\right)}^{z/a_1},{\left(h^{b_2}\right)}^{z/b_1},h^z).$

As preferably, in step 1.3, use pk ₁, pk ₂, Z ₁, Z ₂, Z ₃generate one obscure after re-encryption loop as input one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G time, choose heavy random value weight stochastic arithmetic is carried out to W, X, Y: $W^{\′}\←W\·{\left(g^{a_1}\right)}^r,X^{\′}\←X\·{\left(g^{b_1}\right)}^s,Y^{\′}\←Y\·g^{r+s},$ Calculate respectively E ← e (W ', Z ₁), F ← e (X ', Z ₂) and G ← e (Y ', Z ₃), finally choose and export heavy random number

As preferably, in step 1.4, if input is keys, then export with if input is one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G, then the data utilizing step 1.3 to calculate export ciphertext if other input then exports ⊥; After completing output, email relaying is acted on behalf of addressee accordingly.

As preferably, in step 2.1, if namely re-encryption mail reception unit receives is not pk ₁, pk ₂, neither then give next cell processing by ⊥.

As preferably, in step 2.2, act on behalf of the privacy enhanced mail that addressee receives

$\[k^d,E^y,F^y,G^y\·e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),Z_3^y,X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\]$

Can be written as

$\begin{array}{c}\[k^d,e{(g^{a_1(r+r^{\′})},h^{a_{2}z/a_1})}^y,e{(g^{b_1(s+s^{\′})},h^{b_{2}z/b_1})}^y,e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·\\ e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\],\end{array}$

Namely equal:

$\begin{array}{c}\[k^d,{(g,h)}^{a_{2}z(r+r^{\′})y},e{(g,h)}^{b_{2}z(s+s^{\′})y},e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y\·\\ e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\];\end{array}$

First the cipher key calculation by acting on behalf of recipient goes out calculate $e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y=\frac{e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right)}{e(k^d,H_2(X\left)\right)},$ Calculate ${\left(e{(g,h)}^{a_{2}z(r+r^{\′})y}\right)}^{1/a_2}\·{\left(e{\left(g,h\right)}^{b_{2}z(s+s^{\′})y}\right)}^{1/b_2}=e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})};$ Calculate again $\frac{e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y}{e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})}}=e(m,h^{zy}).$

As preferably, in step 2.3, original e-mail search unit obtains e (m, h ^zy), and according to known h ^zy, in message space, calculate e (m _i, h ^zy)=e (m, h ^zy), finally obtain m _inamely be the plaintext of mail.

The present invention has the features such as implementation complexity is low, fail safe is high, easy recovery, is applicable to carry out re-encryption forwarding by third party's mail service business to mail when not leaking mail original receivers and mail agent recipient private key and not leaking any information of mail itself.Namely it solve the safe re-encryption forwarding problems of privacy enhanced mail, carried out again obscuring of safety and can resist trustless third-party reverse-engineering calculating on traditional re-encryption basis.

Main feature of the present invention has:

(1) efficient data conversion algorithm.

(2) high fail safe.

(3) efficient recovery policy.

The present invention compared with prior art tool has the following advantages and beneficial effect:

First, Re-encryption Technology traditional is at present when third party performs, third party can require that the private key of the original addressee of mail is encrypted as the form of acting on behalf of addressee again and is transmitted to act on behalf of addressee to decrypt mail, and it may leak the private key of original addressee and the information of mail itself.The present invention first generates re-encryption tuple to send to third-party server again, ensure that the fail safe of private key and mail.

Secondly, current applied Re-encryption Technology, although also process private key, because method is simply easy to be obtained its private key and plaintext (iTunesDRM Re-encryption Technology is just successfully cracked) by reverse-engineering computing.The present invention has carried out obscuring of safety to it on the basis of re-encryption, makes it effectively can must resist reverse-engineering to obtain any information of private key and original e-mail.

Again, prior art can not judge privacy enhanced mail, and the mail if not the public key encryption of original addressee still can be sent to act on behalf of addressee by re-encryption.This programme can effectively judge mail, if input is not the mail of original addressee's public key encryption, system will no longer forward this mail.

Finally, the present invention utilizes cryptography instrument, achieves the safe storage of mail, efficiency is high, and cost is low, and fail safe is high, the advantage such as strong robustness, strong operability, namely can be used for the mail server system of enterprise self, can be used for again large-scale commercial mail services device system.

Accompanying drawing explanation

Fig. 1 is that the Email re-encryption of a kind of anti-reverse-engineering of the present invention forwards solution framework figure;

Fig. 2 is Email re-encryption flow chart in the present invention;

Fig. 3 is the Email deciphering flow chart in the present invention after re-encryption.

Embodiment

Understand for the ease of those of ordinary skill in the art and implement the present invention, below in conjunction with drawings and Examples, the present invention is described in further detail, should be appreciated that exemplifying embodiment described herein is only for instruction and explanation of the present invention, is not intended to limit the present invention.

In traditional re-encryption scheme, re-encryption program may be carried out reverse operation by third party and obtain private key, and for making up the deficiency of existing scheme, the present invention adopts re-encryption and obfuscation, re-encryption loop is carried out obscuring of safety, carried out on the server acting on behalf of re-encryption.When mail server acts on behalf of re-encryption to mail, privacy enhanced mail re-encryption is act on behalf of the form that addressee can decipher by the re-encryption scheme provided in operational version.Owing to having carried out obscuring of safety to re-encryption loop, effectively can resist dishonest third party's counterweight encipheror and carry out reverse-engineering computing.

Ask for an interview Fig. 1, Fig. 2 and Fig. 3, the safety of electronic mail repeater system of a kind of anti-reverse-engineering provided by the invention, recover module by secret mail re-encryption module and re-encryption mail and form; Secret mail re-encryption module comprises pretreatment parameter generation unit 1.1, re-encryption tuple generation unit 1.2, the re-encryption processing unit 1.3 obscured, re-encryption output unit 1.4; Re-encryption mail recovers module and comprises re-encryption mail reception unit 2.1, re-encryption mail decryption unit 2.2, original e-mail search unit 2.3;

Pretreatment parameter generation unit 1.1 is responsible for selected parameter, reads the private key of mail original receivers and the PKI of mail agent recipient, and encryption tuple of attaching most importance to generation unit 1.2 provides functional foundations; Re-encryption tuple generation unit 1.2 is responsible for using the parameter of pretreatment parameter generation unit 1.1 generation and public and private key to generate re-encryption tuple (re-encryption tuple both can not leak the private key of mail original receivers, also can not leak the private key of mail agent recipient); The re-encryption tuple that the re-encryption processing unit 1.3 obscured is generated by re-encryption tuple generation unit 1.2 carries out re-encryption computing to the privacy enhanced mail received; Re-encryption output unit 1.4 is responsible for the result after exporting re-encryption; Re-encryption mail reception unit 2.1 is responsible for the result receiving the output of re-encryption output unit 1.4; Re-encryption mail decryption unit 2.2 is responsible for the mail using the private key acting on behalf of recipient to receive to decipher re-encryption mail reception unit 2.1; Original e-mail search unit 2.3 is responsible for using bilinear operation to search out the complete content of original e-mail.

The safety of electronic mail retransmission method of a kind of anti-reverse-engineering provided by the invention, comprises restoration methods after Email re-encryption method and Email re-encryption;

As Fig. 2, Email re-encryption process is as follows: the re-encryption processing unit → re-encryption output unit of parameter generating unit → re-encryption tuple generation unit → obscured.

(1) parameter generating unit.Be responsible for selected scheme desired parameters, read the private key of mail original receivers and the PKI of mail agent recipient, encryption tuple of attaching most importance to generation unit provides functional foundations.In this example, suppose that security parameter is 1 ^kif, (q, g, G, G _t, e) ← BMsetup (1 ^k) be common parameter, G, G _tbe the group on q rank, q is the prime number of a k bit, definition bilinear operation e:G × G → G _t), message space, random selecting $h,g,k\stackrel{r}{\←}G,X\stackrel{r}{\←}{G}_T,$ Random selecting $a_1,a_2,b_1,b_2,c,d\stackrel{r}{\←}{Z}_q$ (being the group of integers on q rank), master key msk=c, the private key obtaining original addressee A is sk ₁=(a ₁, b ₁, g, H ₁(id ₁) ^c), the PKI acting on behalf of addressee B is wherein H ₁hASH function a: H ₁: { 0,1} → G, H ₂: G _t→ G.

(2) re-encryption tuple generation unit.Be responsible for using the parameter of pretreatment parameter generation unit generation and public and private key to generate re-encryption tuple.In this example, according to the public and private key that (1) obtains, random selecting calculate re-encryption tuple $(Z_1,Z_2,Z_3)=({\left(h^{a_2}\right)}^{z/a_1},{\left(h^{b_2}\right)}^{z/b_1},h^z).$

(3) the re-encryption processing unit obscured.The re-encryption tuple generated by re-encryption tuple generation unit carries out re-encryption computing to the privacy enhanced mail received.In this example, use pk ₁, pk ₂, Z ₁, Z ₂, Z ₃generate one obscure after re-encryption loop as input one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G time, choose heavy random value $r,s\stackrel{r}{\←}{Z}_q^{*},$ Weight stochastic arithmetic is carried out to W, X, Y: $W^{\′}\←W\·{\left(g^{a_1}\right)}^r,X^{\′}\←X\·$ ${\left(g^{b_1}\right)}^s,Y^{\′}\←Y\·g^{r+s},$ Calculate respectively E ← e (W ', Z ₁), F ← e (X ', Z ₂) and G ← e (Y ', Z ₃), finally choose and export heavy random number

(4) re-encryption output unit.Decide to export by given input.If input is keys, then export ${\mathrm{pk}}_1=(g^{a_1},g^{b_1},g)$ With ${\mathrm{pk}}_2=(h^{a_2},h^{b_2},h);$ If input is one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G, then the data utilizing (3) to calculate export ciphertext if other input then exports ⊥.After completing output, email relaying is acted on behalf of addressee accordingly.

When privacy enhanced mail is after correspondence acts on behalf of the form of addressee by re-encryption, mail is forwarded to acts on behalf of addressee, act on behalf of addressee to need to recover from the mail of re-encryption expressly, as Fig. 3, mail recovery process is as follows: re-encryption mail reception unit → re-encryption mail decryption unit → original e-mail search unit.

(5) re-encryption mail reception unit.Receive the mail that re-encryption output unit forwards, and give the process of re-encryption mail decryption unit.In this example, if namely re-encryption mail reception unit receives is not pk ₁, pk ₂, neither then give next cell processing by ⊥.

(6) re-encryption mail decryption unit.Acting on behalf of mail recipient uses the private key of oneself to be decrypted by re-encryption mail.In this example, act on behalf of the privacy enhanced mail that addressee receives can be written as $\[k^d,e{(g^{a_1(r+r^{\′})},h^{a_{2}z/a_1})}^y,e{(g^{b_1(s+s^{\′})},h^{b_{2}z/b_1})}^y,e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·$ $e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\],$ Namely equal $\[k^d,{(g,h)}^{a_{2}z(r+r^{\′})y},e{(g,h)}^{b_{2}z(s+s^{\′})y},e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y\·$ $e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\].$ First the cipher key calculation by acting on behalf of recipient goes out $X=\frac{X\·e{\left(k^c{H}_1\right({\mathrm{id}}_2\left)\right)}^d}{e(k^d,H_1{\left({\mathrm{id}}_2\right)}^c)},$ Calculate $e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y=$ $\frac{e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·e{\left(k^c{H}_1\right({\mathrm{id}}_1\left)\right)}^d\·e(k^d{H}_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right)}{e(k^d,H_2(X\left)\right)},$ Calculate ${\left(e{(g,h)}^{a_{2}z(r+r^{\′})y}\right)}^{1/a_2}.$ ${\left(e{(g,h)}^{b_{2}z(s+s^{\′})y}\right)}^{1/b_2}=e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})};$ Calculate again $\frac{e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y}{e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})}}=$ $e(m,h^{zy}).$

(7) original e-mail search unit.The value utilizing re-encryption mail decryption unit to decrypt carries out bilinear operation, can obtain the plaintext of final mailer.In this example, original e-mail search unit obtains e (m, h ^zy), and according to known h ^zy, in message space, calculate e (m _i, h ^zy)=e (m, h ^zy), finally obtain m _inamely be the plaintext of mail.

Should be understood that, the part that this specification does not elaborate all belongs to prior art.

Should be understood that; the above-mentioned description for preferred embodiment is comparatively detailed; therefore the restriction to scope of patent protection of the present invention can not be thought; those of ordinary skill in the art is under enlightenment of the present invention; do not departing under the ambit that the claims in the present invention protect; can also make and replacing or distortion, all fall within protection scope of the present invention, request protection range of the present invention should be as the criterion with claims.

Claims (9)

1. a safety of electronic mail repeater system for anti-reverse-engineering, is characterized in that: recover module by secret mail re-encryption module and re-encryption mail and form;

Described secret mail re-encryption module comprises pretreatment parameter generation unit (1.1), re-encryption tuple generation unit (1.2), the re-encryption processing unit (1.3) obscured, re-encryption output unit (1.4);

Described re-encryption mail recovers module and comprises re-encryption mail reception unit (2.1), re-encryption mail decryption unit (2.2), original e-mail search unit (2.3);

Described pretreatment parameter generation unit (1.1) is responsible for selected parameter, reads the private key of mail original receivers and the PKI of mail agent recipient, for described re-encryption tuple generation unit (1.2) provides functional foundations; The parameter that pretreatment parameter generation unit (1.1) described in the responsible use of described re-encryption tuple generation unit (1.2) produces and public and private key are to generate re-encryption tuple; The re-encryption tuple that the described re-encryption processing unit (1.3) obscured is generated by described re-encryption tuple generation unit (1.2) carries out re-encryption computing to the privacy enhanced mail received; Described re-encryption output unit (1.4) is responsible for the result after exporting re-encryption; Described re-encryption mail reception unit (2.1) is responsible for the result that the re-encryption output unit (1.4) described in reception exports; Described re-encryption mail decryption unit (2.2) is responsible for the mail using the private key acting on behalf of recipient to receive to decipher described re-encryption mail reception unit (2.1); Described original e-mail search unit (2.3) is responsible for using bilinear operation to search out the complete content of original e-mail.

2. utilize the safety of electronic mail repeater system of the anti-reverse-engineering described in claim 1 to carry out a method for safety of electronic mail forwarding, it is characterized in that: comprise restoration methods after Email re-encryption method and Email re-encryption;

Described Email re-encryption method, comprises the following steps:

Step 1.1: generate parameter; First selected desired parameters, reads the private key of mail original receivers and the PKI of mail agent recipient, and encryption tuple of attaching most importance to generation unit provides functional foundations;

Step 1.2: be responsible for using the parameter of pretreatment parameter generation unit generation and public and private key to generate re-encryption tuple;

Step 1.3: the re-encryption tuple generated by re-encryption tuple generation unit carries out re-encryption computing to the privacy enhanced mail received;

Step 1.4: decide to export by given input;

Restoration methods after described Email re-encryption, comprises the following steps:

Step 2.1: receive the mail that re-encryption output unit forwards, and give the process of re-encryption mail decryption unit;

Step 2.1: act on behalf of mail recipient and use the private key of oneself to be decrypted by re-encryption mail;

Step 2.2: the value utilizing re-encryption mail decryption unit to decrypt carries out bilinear operation, can obtain the plaintext of final mailer.

3. method according to claim 2, is characterized in that: in step 1.1, first supposes that security parameter is 1 ^kif, (q, g, G, G _t, e) ← BMsetup (1 ^k) be common parameter, G, G _tbe the group on q rank, q is the prime number of a k bit, definition bilinear operation e:G × G → G _t, message space, random selecting random selecting the group of integers on q rank), master key msk=c, the private key obtaining original addressee A is sk ₁=(a ₁, b ₁, g, H ₁(id ₁) ^c), the PKI acting on behalf of addressee B is wherein H ₁hASH function a: H ₁: { 0,1} → G, H ₂: G _t→ G.

4. method according to claim 3, is characterized in that: in step 1.2, according to the public and private key obtained in step 1.1, and random selecting calculate re-encryption tuple:

$(Z_1,Z_2,Z_3)=({\left(h^{a_2}\right)}^{z/a_1},{\left(h^{b_2}\right)}^{z/b_1},h^z).$

5. method according to claim 3, is characterized in that: in step 1.3, uses pk ₁, pk ₂, Z ₁, Z ₂, Z ₃generate one obscure after re-encryption loop as input one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G time, choose heavy random value weight stochastic arithmetic is carried out to W, X, Y: calculate respectively E ← e (W ', Z ₁), F ← e (X ', Z ₂) and G ← e (Y ', Z ₃), finally choose and export heavy random number

6. method according to claim 3, is characterized in that: in step 1.4, if input is keys, then exports with if input is one 5 tuple [0, W, X, Y, k ^d] and W, X, Y ∈ G, then the data utilizing step 1.3 to calculate export ciphertext $\[k^d,E^y,F^y,G^y\·e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),Z_3^y,X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\];$ If other input then exports ⊥; After completing output, email relaying is acted on behalf of addressee accordingly.

7. method according to claim 6, is characterized in that: in step 2.1, if namely re-encryption mail reception unit receives is not pk ₁, pk ₂, neither then give next cell processing by ⊥.

8. method according to claim 6, is characterized in that: in step 2.2, acts on behalf of the privacy enhanced mail that addressee receives

$\[k^d,E^y,F^y,G^y\·e{\left(k^c,H_1\left({\mathrm{id}}_1\right)\right)}^d\·e\left(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2\left(X\right)\right),Z_3^y,X\·e{\left(k^c,H_1\left({\mathrm{id}}_2\right)\right)}^d\]$

Can be written as

$\begin{array}{c}\[k^d,e{(g^{a_1(r+r^{\′})},h^{a_{2}z/a_1})}^y,e{(g^{b_1(s+s^{\′})},h^{b_{2}z/b_1})}^y,e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·\\ e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\],\end{array}$

Namely equal:

$\begin{array}{c}\[k^d,e{(g,h)}^{a_{2}z(r+r^{\′})y},e{(g,h)}^{b_{2}z(s+s^{\′})y},e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y\·\\ e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right),h^{zy},X\·e{(k^c,H_1({\mathrm{id}}_2\left)\right)}^d\];\end{array}$

First the cipher key calculation by acting on behalf of recipient goes out calculate $e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y=\frac{e{(g^{(r+s+r^{\′}+s^{\′})}\·m,h^z)}^y\·e{(k^c,H_1({\mathrm{id}}_1\left)\right)}^d\·e(k^d,H_1{\left({\mathrm{id}}_1\right)}^{-c}\·H_2(X\left)\right)}{e\left(k^d{H}_2\right(X\left)\right)},$ Calculate ${\left(e{(g,h)}^{a_{2}z(r+r^{\′})y}\right)}^{1/a_2}\·{\left(e{(g,h)}^{b_{2}z(s+s^{\′})y}\right)}^{1/b_2}=e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})};$ Calculate again $\frac{e{(g,h)}^{(r+s+r^{\′}+s^{\′})zy}e{(m,h^z)}^y}{e{(g,h)}^{yz(r+s+r^{\′}+s^{\′})}}=e(m,h^{zy}).$

9. method according to claim 6, is characterized in that: in step 2.3, original e-mail search unit obtains e (m, h ^zy), and according to known h ^zy, in message space, calculate e (m _i, h ^zy)=e (m, h ^zy), finally obtain m _inamely be the plaintext of mail.